[llvm-bugs] [Bug 39559] New: Segmentation fault when running check-clang-python with UBSan

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Nov 5 06:37:16 PST 2018


https://bugs.llvm.org/show_bug.cgi?id=39559

            Bug ID: 39559
           Summary: Segmentation fault when running check-clang-python
                    with UBSan
           Product: new-bugs
           Version: trunk
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: david.stenberg at ericsson.com
                CC: llvm-bugs at lists.llvm.org

When running check-clang-python on trunk (r346128) with a
LLVM_USE_SANITIZER=Undefined build, I see a segmentation fault.

  $ env CLANG_LIBRARY_PATH=../../../../build-sanu/lib /usr/bin/python2.7 -m unittest discover -v
  testConstantArray (tests.cindex.test_type.TestType) ... ERROR
  test_a_struct (tests.cindex.test_type.TestType) ... Segmentation fault (core dumped)

LLVM was built, and the test was run, using:

  export LLVM_ROOT=/path/to/llvm-7.0/build/

  mkdir build-sanu

  pushd build-sanu
  cmake -G Ninja \
    -DCMAKE_BUILD_TYPE=Release \
    -DLLVM_ENABLE_ASSERTIONS=ON \
    -DCMAKE_C_COMPILER=$LLVM_ROOT/bin/clang \
    -DCMAKE_CXX_COMPILER=$LLVM_ROOT/bin/clang++ \
    -DLLVM_USE_SANITIZER=Undefined \
    ../.
  popd

  ninja -C build-sanu check-clang-python

The crash seems to occur in the following call to getenv() in
clang_createIndex():

  3247      // We use crash recovery to make some of our APIs more reliable, implicitly
  3248      // enable it.
> 3249      if (!getenv("LIBCLANG_DISABLE_CRASH_RECOVERY"))
  3250        llvm::CrashRecoveryContext::Enable();

Backtrace (before stepi that results in segmentation fault):

  (gdb) bt
  #0  0x00007fffee590d80 in getenv@plt () from /llvm/build-sanu/lib/libclang.so
  #1  0x00007fffee5f9491 in clang_createIndex () at ../tools/clang/tools/libclang/CIndex.cpp:3249
  #2  0x00007ffff65dfc7c in ffi_call_unix64 () from /usr/lib/x86_64-linux-gnu/libffi.so.6
  #3  0x00007ffff65df5ac in ffi_call () from /usr/lib/x86_64-linux-gnu/libffi.so.6
  #4  0x00007ffff67f65fe in _ctypes_callproc () from /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
  #5  0x00007ffff67f7f9e in ?? () from /usr/lib/python2.7/lib-dynload/_ctypes.x86_64-linux-gnu.so
  #6  0x00000000004c84a5 in PyEval_EvalFrameEx ()

The segmentation fault seems to be due to the PLT entry for getenv() being
broken (?):

  (gdb) disas $pc
  Dump of assembler code for function getenv@plt:
  => 0x00007fffee590d80 <+0>:     jmpq   *0x62e2292(%rip)        # 0x7ffff4873018 <_GLOBAL_OFFSET_TABLE_+48>
     0x00007fffee590d86 <+6>:     pushq  $0x3
     0x00007fffee590d8b <+11>:    jmpq   0x7fffee590d40
  End of assembler dump.

  (gdb) x (void *) 0x7ffff4873018
  0x7ffff4873018 <_GLOBAL_OFFSET_TABLE_+48>:      0x026a7d86

  (gdb) x 0x026a7d86
  0x26a7d86:      Cannot access memory at address 0x26a7d86

This was seen when running on a Ubuntu 14.04.5 LTS installation. I have
unfortunately not been able to reproduce this on another machine yet.

I have tried building LLVM with a Clang 5.0 and a Clang 7.0 installation, with
the same results.
